ignore a vulnerabilty found by snyk

This vulnerability is a buffer overflow in a protocol buffer library used by a dependency. Our services don't use protocol buffers, so we shouldn't be using whatever part of that has the vulnerability. The full path to the vulnerability is: github.com/tidepool-org/clinic/client@#ad2e71e79f6f > github.com/deepmap/oapi-codegen/pkg/[email protected] > github.com/kataras/iris/[email protected] > github.com/kataras/iris/v12/x/[email protected] > github.com/kataras/iris/v12/macro/[email protected] > github.com/kataras/iris/v12/[email protected] > google.golang.org/protobuf/encoding/[email protected]
tidepool-org · Jan 17, 2024 · a70173c · a70173c
1 parent 00aa368
commit a70173c
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -10,7 +10,7 @@ jobs:
       env:
         SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
       with:
-        args: --dev --org=tidepool
+        args: snyk ignore --id=SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFENCODINGPROTOJSON-6137908 --expiry=2024-04-16 --policy-path=.snyk
     - name: Send vulnerability data to snyk
       uses: snyk/actions/golang@master
       env: